Extended-Rights

[Matthias Dieter Wallnöfer]

Dear Matthieu Patou!

I find your plan (extracting the containers from a Windows Server 
deployment) okay since also all previous containers in SAMBA 4 have been 
added in the same way. Additionally, you have now also the possibility 
to look at the MSPP/WSPP documentation from Microsoft.
We at the moment wait until the schema update for SAMBA 4 is completed 
to have the whole Microsoft AD schema up and running. Then we'll have a 
look at adding containers, OU's etc. to the DIT at provisioning. In the 
meantime you could give it a try and start with coding it (maybe it 
needs only the actual SAMBA 4 schema classes). I would enhance 
"provision_configuration.ldif". Afterwards, I would put the completed 
work in Bugzilla, so it doesn't get lost.

Matthias

Matthieu Patou schrieb:
> Dear all,
>
> It seems that this part is missing in the samba4 implementation of 
> microsoft AD.
> In fact a quick look at configuration 
> (CN=Configuration,dc=smb4,dc=tst) naming context reveal that those 
> containers are missing:
>
> * Schema
> * Physical Locations
> * NTDS Quotas
> * LostAndFoundConfig
> * ForestUpdates
> * Extended-Rights
>
> Of all of theses the Extended Rights is the most important and is used 
> by the Active Directoy User and Computer tools to define more 
> precisely which rights a user/group is granted !
> I guess It's quite simple to make an extraction of a W2K, W2K3 or W2K8 
> server and get a dump of this container (and other as well).
> Have I the right to do so ?
> I am ready to make an extraction program and generate a dump of those 
> container, to which provision_xxx.ldif this dump should be added ?
>
> And after this I guess rights can easily be granted but until 
> something in the code do checking against those rights nothing will 
> happen. Am I right ?
>
> Matthieu.
>